xclch
Hi,
I am going to explain my problem. I have a large network where I currently have several DNS servers (WSERVER2012) that are also domain controllers, and the DNS configurations are replicated between them. When configuring DNSSEC in this environment, I have a problem when I try to activate trust anchors on one of the servers.
When I run the command "dnscmd /RetrieveRootTrustAnchors" with administrator permissions, it returns the following error. After looking it up in the Microsoft documentation, it does not give me any additional information apart from "DNS operation refused".
##############################################################################
C:\> dnscmd /RetrieveRootTrustAnchors
Are you sure you want to Retrieve and add root trust anchors (activating DNSSEC validation)? (y/n) y
Command failed: RCODE_REFUSED 9005 0x232D
##############################################################################
Also, I have reviewed the firewall rules and logs in case the download was blocked, but it was not. I've also checked with Wireshark and I don't see any connection attempt by the server when I run the command. I have tried on other DNS servers with the same result. I have no error or warning in the event viewer. So there seems to be something on the server(s) that is not letting the above command run.
I have also tried adding the DNSKEY manually, but I think the procedure is not correct.
Is there a solution to activate the trust anchors or any additional tests to clarify the case?
Thank you very much and greetings,